Thread: [mod-security-users] JSON support was not enabled
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
mod-security-users
|
From: junaid.khan <jun...@na...> - 2019-03-26 04:38:40
Attachments:
image001.png
|
Dear Support
I need to enable JSON support on mod_sec nginx kindly guide how I enable it.
2019/03/19 17:28:22 [error] 5750#0: [client 10.1.1.24] ModSecurity: Warning. Match of "within %{tx.allowed_http_versions}" against "REQUEST_PROTOCOL" required. [file "/usr/local/nginx/conf/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1084"] [id "920430"] [msg "HTTP protocol version is not allowed by policy"] [data "HTTP/1.1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.1.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/PROTOCOL_NOT_ALLOWED"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.10"] [hostname ""] [uri "/nayapay-middleware-0.0.1/app-data/get-nayapay-id"] [unique_id "AcAcAcAcAcAYlcAcAbAcAcA2"]
2019/03/19 17:28:22 [error] 5750#0: [client 10.1.1.24] ModSecurity: JSON support was not enabled [hostname ""] [uri "/nayapay-middleware-0.0.1/app-data/get-nayapay-id"] [unique_id "AcAcAcAcAcAYlcAcAbAcAcA2"]
2019/03/19 17:28:22 [error] 5750#0: [client 10.1.1.24] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/nginx/conf/modsecurity.conf"] [line "60"] [id "200002"] [msg "Failed to parse request body."] [data ""] [severity "CRITICAL"] [hostname ""] [uri "/nayapay-middleware-0.0.1/app-data/get-nayapay-id"] [unique_id "AcAcAcAcAcAYlcAcAbAcAcA2"]
^C
Regards,
Junaid Khan | System Administrator
+92 03018281775 | +92 21 38400633 [Ext: 5531]
jun...@na... <mailto:jun...@na...> | <http://www.nayapay.com/> www.nayapay.com
|
|
From: Christian V. <cv...@it...> - 2019-03-26 13:54:05
Attachments:
image001.png
|
In your modsec conf append the line in yellow.
If you already have this line and is not working, maybe is because the
modsec was not compiled with the json support
SecDebugLogLevel 3
# -- Audit log configuration -------------------------------------------------
# Log the transactions that are marked by a rule, as well as those that
# trigger a server error (determined by a 5xx or 4xx, excluding 404,
# level response status codes).
#
SecAuditLogDirMode 1733
SecAuditLogFileMode 0550
SecAuditLogFormat JSON
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4)"
# Log everything we know about a transaction.
SecAuditLogParts ABCHIZ
Cheers.
El mar., 26 de mar. de 2019 01:39, junaid.khan <jun...@na...>
escribió:
> Dear Support
>
>
>
> I need to enable JSON support on mod_sec nginx kindly guide how I enable
> it.
>
>
>
>
>
> 2019/03/19 17:28:22 [error] 5750#0: [client 10.1.1.24] ModSecurity:
> Warning. Match of "within %{tx.allowed_http_versions}" against
> "REQUEST_PROTOCOL" required. [file
> "/usr/local/nginx/conf/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"]
> [line "1084"] [id "920430"] [msg "HTTP protocol version is not allowed by
> policy"] [data "HTTP/1.1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.1.0"]
> [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"]
> [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/PROTOCOL_NOT_ALLOWED"] [tag
> "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.10"] [hostname ""]
> [uri "/nayapay-middleware-0.0.1/app-data/get-nayapay-id"] [unique_id
> "AcAcAcAcAcAYlcAcAbAcAcA2"]
>
> 2019/03/19 17:28:22 [error] 5750#0: [client 10.1.1.24] ModSecurity: JSON
> support was not enabled [hostname ""] [uri
> "/nayapay-middleware-0.0.1/app-data/get-nayapay-id"] [unique_id
> "AcAcAcAcAcAYlcAcAbAcAcA2"]
>
> 2019/03/19 17:28:22 [error] 5750#0: [client 10.1.1.24] ModSecurity: Access
> denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR"
> required. [file "/usr/local/nginx/conf/modsecurity.conf"] [line "60"] [id
> "200002"] [msg "Failed to parse request body."] [data ""] [severity
> "CRITICAL"] [hostname ""] [uri
> "/nayapay-middleware-0.0.1/app-data/get-nayapay-id"] [unique_id
> "AcAcAcAcAcAYlcAcAbAcAcA2"]
>
> ^C
>
>
>
> Regards,
>
> *Junaid Khan* | *System Administrator*
>
> +92 03018281775 | +92 21 38400633 [Ext: 5531]
>
> jun...@na... | www.nayapay.com
>
> [image: cid:image001.png@01D43481.09450210]
>
>
>
>
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> http://www.modsecurity.org/projects/commercial/rules/
> http://www.modsecurity.org/projects/commercial/support/
>
|
|
From: junaid.khan <jun...@na...> - 2019-03-27 04:20:17
|
I add mention yellow line in modsec conf file and when I restart the nginx service it give error against modsec line call in nginx file.
Mod sec file conf:
# -- Audit log configuration -------------------------------------------------
# Log the transactions that are marked by a rule, as well as those that
# trigger a server error (determined by a 5xx or 4xx, excluding 404,
# level response status codes).
#
SecAuditLogFormat JSON
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
Error Message:
[root@ny-middleware-fwd ~]# systemctl restart nginx
Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.
[root@ny-middleware-fwd ~]# systemctl status nginx.service
â— nginx.service - The NGINX HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Wed 2019-03-27 14:18:52 PKT; 4s ago
Process: 501 ExecStop=/bin/kill -s QUIT (code=exited, status=1/FAILURE)
Process: 331 ExecStart=/usr/local/nginx/sbin/nginx (code=exited, status=0/SUCCESS)
Process: 506 ExecStartPre=/usr/local/nginx/sbin/nginx -t (code=exited, status=1/FAILURE)
Main PID: 333 (code=exited, status=0/SUCCESS)
Mar 27 14:18:52 ny-middleware-fwd systemd[1]: Stopped The NGINX HTTP and reverse proxy server.
Mar 27 14:18:52 ny-middleware-fwd systemd[1]: Unit nginx.service entered failed state.
Mar 27 14:18:52 ny-middleware-fwd systemd[1]: nginx.service failed.
Mar 27 14:18:52 ny-middleware-fwd systemd[1]: Starting The NGINX HTTP and reverse proxy server...
Mar 27 14:18:52 ny-middleware-fwd nginx[506]: nginx: [emerg] ModSecurityConfig in /usr/local/nginx/conf/nginx.conf:50: Unknown...Format
Mar 27 14:18:52 ny-middleware-fwd nginx[506]: nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed
Mar 27 14:18:52 ny-middleware-fwd systemd[1]: nginx.service: control process exited, code=exited status=1
Mar 27 14:18:52 ny-middleware-fwd systemd[1]: Failed to start The NGINX HTTP and reverse proxy server.
Mar 27 14:18:52 ny-middleware-fwd systemd[1]: Unit nginx.service entered failed state.
Mar 27 14:18:52 ny-middleware-fwd systemd[1]: nginx.service failed.
From: Christian Varas [mailto:cv...@it...]
Sent: Tuesday, March 26, 2019 6:23 PM
To: mod...@li...
Subject: Re: [mod-security-users] JSON support was not enabled
In your modsec conf append the line in yellow.
If you already have this line and is not working, maybe is because the modsec was not compiled with the json support
SecDebugLogLevel 3
# -- Audit log configuration -------------------------------------------------
# Log the transactions that are marked by a rule, as well as those that
# trigger a server error (determined by a 5xx or 4xx, excluding 404,
# level response status codes).
#
SecAuditLogDirMode 1733
SecAuditLogFileMode 0550
SecAuditLogFormat JSON
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4)"
# Log everything we know about a transaction.
SecAuditLogParts ABCHIZ
Cheers.
El mar., 26 de mar. de 2019 01:39, junaid.khan <jun...@na... <mailto:jun...@na...> > escribió:
Dear Support
I need to enable JSON support on mod_sec nginx kindly guide how I enable it.
2019/03/19 17:28:22 [error] 5750#0: [client 10.1.1.24] ModSecurity: Warning. Match of "within %{tx.allowed_http_versions}" against "REQUEST_PROTOCOL" required. [file "/usr/local/nginx/conf/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1084"] [id "920430"] [msg "HTTP protocol version is not allowed by policy"] [data "HTTP/1.1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.1.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/PROTOCOL_NOT_ALLOWED"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.10"] [hostname ""] [uri "/nayapay-middleware-0.0.1/app-data/get-nayapay-id"] [unique_id "AcAcAcAcAcAYlcAcAbAcAcA2"]
2019/03/19 17:28:22 [error] 5750#0: [client 10.1.1.24] ModSecurity: JSON support was not enabled [hostname ""] [uri "/nayapay-middleware-0.0.1/app-data/get-nayapay-id"] [unique_id "AcAcAcAcAcAYlcAcAbAcAcA2"]
2019/03/19 17:28:22 [error] 5750#0: [client 10.1.1.24] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/nginx/conf/modsecurity.conf"] [line "60"] [id "200002"] [msg "Failed to parse request body."] [data ""] [severity "CRITICAL"] [hostname ""] [uri "/nayapay-middleware-0.0.1/app-data/get-nayapay-id"] [unique_id "AcAcAcAcAcAYlcAcAbAcAcA2"]
^C
Regards,
Junaid Khan | System Administrator
+92 03018281775 | +92 21 38400633 [Ext: 5531]
jun...@na... <mailto:jun...@na...> | <http://www.nayapay.com/> www.nayapay.com
_______________________________________________
mod-security-users mailing list
mod...@li... <mailto:mod...@li...>
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/
|
|
From: Eero V. <eer...@ik...> - 2019-03-26 14:19:18
Attachments:
image001.png
|
Please specify your Linux OS version, distribution name and what package
repository is used to install nginx modsecurity module?
Eero
On Tue, Mar 26, 2019 at 6:39 AM junaid.khan <jun...@na...> wrote:
> Dear Support
>
>
>
> I need to enable JSON support on mod_sec nginx kindly guide how I enable
> it.
>
>
>
>
>
> 2019/03/19 17:28:22 [error] 5750#0: [client 10.1.1.24] ModSecurity:
> Warning. Match of "within %{tx.allowed_http_versions}" against
> "REQUEST_PROTOCOL" required. [file
> "/usr/local/nginx/conf/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"]
> [line "1084"] [id "920430"] [msg "HTTP protocol version is not allowed by
> policy"] [data "HTTP/1.1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.1.0"]
> [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"]
> [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/PROTOCOL_NOT_ALLOWED"] [tag
> "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.10"] [hostname ""]
> [uri "/nayapay-middleware-0.0.1/app-data/get-nayapay-id"] [unique_id
> "AcAcAcAcAcAYlcAcAbAcAcA2"]
>
> 2019/03/19 17:28:22 [error] 5750#0: [client 10.1.1.24] ModSecurity: JSON
> support was not enabled [hostname ""] [uri
> "/nayapay-middleware-0.0.1/app-data/get-nayapay-id"] [unique_id
> "AcAcAcAcAcAYlcAcAbAcAcA2"]
>
> 2019/03/19 17:28:22 [error] 5750#0: [client 10.1.1.24] ModSecurity: Access
> denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR"
> required. [file "/usr/local/nginx/conf/modsecurity.conf"] [line "60"] [id
> "200002"] [msg "Failed to parse request body."] [data ""] [severity
> "CRITICAL"] [hostname ""] [uri
> "/nayapay-middleware-0.0.1/app-data/get-nayapay-id"] [unique_id
> "AcAcAcAcAcAYlcAcAbAcAcA2"]
>
> ^C
>
>
>
> Regards,
>
> *Junaid Khan* | *System Administrator*
>
> +92 03018281775 | +92 21 38400633 [Ext: 5531]
>
> jun...@na... | www.nayapay.com
>
> [image: cid:image001.png@01D43481.09450210]
>
>
>
>
> _______________________________________________
> mod-security-users mailing list
> mod...@li...
> https://lists.sourceforge.net/lists/listinfo/mod-security-users
> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
> http://www.modsecurity.org/projects/commercial/rules/
> http://www.modsecurity.org/projects/commercial/support/
>
|
|
From: junaid.khan <jun...@na...> - 2019-03-27 04:26:04
Attachments:
image001.png
|
CentOS Linux release 7.6.1810 (Core) NAME="CentOS Linux" VERSION="7 (Core)" ID="centos" ID_LIKE="rhel fedora" VERSION_ID="7" PRETTY_NAME="CentOS Linux 7 (Core)" ANSI_COLOR="0;31" CPE_NAME="cpe:/o:centos:centos:7" HOME_URL="https://www.centos.org/" BUG_REPORT_URL=https://bugs.centos.org/ Install Nginx Modsecurity: I install nginx through below mention link https://www.thermo.io/how-to/security/installing-modsec-for-nginx-on-centos7 also used mention link to enable Jason support in modsecurity but still facing issue https://stackoverflow.com/questions/35202761/json-support-was-not-enabled-modsecurity From: Eero Volotinen [mailto:eer...@ik...] Sent: Tuesday, March 26, 2019 7:19 PM To: mod...@li... Subject: Re: [mod-security-users] JSON support was not enabled Please specify your Linux OS version, distribution name and what package repository is used to install nginx modsecurity module? Eero On Tue, Mar 26, 2019 at 6:39 AM junaid.khan <jun...@na... <mailto:jun...@na...> > wrote: Dear Support I need to enable JSON support on mod_sec nginx kindly guide how I enable it. 2019/03/19 17:28:22 [error] 5750#0: [client 10.1.1.24] ModSecurity: Warning. Match of "within %{tx.allowed_http_versions}" against "REQUEST_PROTOCOL" required. [file "/usr/local/nginx/conf/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1084"] [id "920430"] [msg "HTTP protocol version is not allowed by policy"] [data "HTTP/1.1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.1.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/PROTOCOL_NOT_ALLOWED"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.10"] [hostname ""] [uri "/nayapay-middleware-0.0.1/app-data/get-nayapay-id"] [unique_id "AcAcAcAcAcAYlcAcAbAcAcA2"] 2019/03/19 17:28:22 [error] 5750#0: [client 10.1.1.24] ModSecurity: JSON support was not enabled [hostname ""] [uri "/nayapay-middleware-0.0.1/app-data/get-nayapay-id"] [unique_id "AcAcAcAcAcAYlcAcAbAcAcA2"] 2019/03/19 17:28:22 [error] 5750#0: [client 10.1.1.24] ModSecurity: Access denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" required. [file "/usr/local/nginx/conf/modsecurity.conf"] [line "60"] [id "200002"] [msg "Failed to parse request body."] [data ""] [severity "CRITICAL"] [hostname ""] [uri "/nayapay-middleware-0.0.1/app-data/get-nayapay-id"] [unique_id "AcAcAcAcAcAYlcAcAbAcAcA2"] ^C Regards, Junaid Khan | System Administrator +92 03018281775 | +92 21 38400633 [Ext: 5531] jun...@na... <mailto:jun...@na...> | <http://www.nayapay.com/> www.nayapay.com _______________________________________________ mod-security-users mailing list mod...@li... <mailto:mod...@li...> https://lists.sourceforge.net/lists/listinfo/mod-security-users Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: http://www.modsecurity.org/projects/commercial/rules/ http://www.modsecurity.org/projects/commercial/support/ |
|
From: Felipe R. <fel...@gm...> - 2019-03-27 14:05:19
Attachments:
image001.png
|
nginx_refactoring branch is almost five years old. You're probably want v2.9.3 or master branch which is libmodsecurity (v3). On Wed, Mar 27, 2019 at 1:32 AM junaid.khan <jun...@na...> wrote: > CentOS Linux release 7.6.1810 (Core) > > NAME="CentOS Linux" > > VERSION="7 (Core)" > > ID="centos" > > ID_LIKE="rhel fedora" > > VERSION_ID="7" > > PRETTY_NAME="CentOS Linux 7 (Core)" > > ANSI_COLOR="0;31" > > CPE_NAME="cpe:/o:centos:centos:7" > > HOME_URL="https://www.centos.org/" > > BUG_REPORT_URL=https://bugs.centos.org/ > > > > *Install Nginx Modsecurity:* > > > > I install nginx through below mention link > > > https://www.thermo.io/how-to/security/installing-modsec-for-nginx-on-centos7 > > > > also used mention link to enable Jason support in modsecurity but still > facing issue > > > > > https://stackoverflow.com/questions/35202761/json-support-was-not-enabled-modsecurity > > > > *From:* Eero Volotinen [mailto:eer...@ik...] > *Sent:* Tuesday, March 26, 2019 7:19 PM > *To:* mod...@li... > *Subject:* Re: [mod-security-users] JSON support was not enabled > > > > Please specify your Linux OS version, distribution name and what package > repository is used to install nginx modsecurity module? > > > > Eero > > > > On Tue, Mar 26, 2019 at 6:39 AM junaid.khan <jun...@na...> > wrote: > > Dear Support > > > > I need to enable JSON support on mod_sec nginx kindly guide how I enable > it. > > > > > > 2019/03/19 17:28:22 [error] 5750#0: [client 10.1.1.24] ModSecurity: > Warning. Match of "within %{tx.allowed_http_versions}" against > "REQUEST_PROTOCOL" required. [file > "/usr/local/nginx/conf/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] > [line "1084"] [id "920430"] [msg "HTTP protocol version is not allowed by > policy"] [data "HTTP/1.1"] [severity "CRITICAL"] [ver "OWASP_CRS/3.1.0"] > [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] > [tag "attack-protocol"] [tag "OWASP_CRS/POLICY/PROTOCOL_NOT_ALLOWED"] [tag > "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A6"] [tag "PCI/6.5.10"] [hostname ""] > [uri "/nayapay-middleware-0.0.1/app-data/get-nayapay-id"] [unique_id > "AcAcAcAcAcAYlcAcAbAcAcA2"] > > 2019/03/19 17:28:22 [error] 5750#0: [client 10.1.1.24] ModSecurity: JSON > support was not enabled [hostname ""] [uri > "/nayapay-middleware-0.0.1/app-data/get-nayapay-id"] [unique_id > "AcAcAcAcAcAYlcAcAbAcAcA2"] > > 2019/03/19 17:28:22 [error] 5750#0: [client 10.1.1.24] ModSecurity: Access > denied with code 400 (phase 2). Match of "eq 0" against "REQBODY_ERROR" > required. [file "/usr/local/nginx/conf/modsecurity.conf"] [line "60"] [id > "200002"] [msg "Failed to parse request body."] [data ""] [severity > "CRITICAL"] [hostname ""] [uri > "/nayapay-middleware-0.0.1/app-data/get-nayapay-id"] [unique_id > "AcAcAcAcAcAYlcAcAbAcAcA2"] > > ^C > > > > Regards, > > *Junaid Khan* | *System Administrator* > > +92 03018281775 | +92 21 38400633 [Ext: 5531] > > jun...@na... | www.nayapay.com > > [image: cid:image001.png@01D43481.09450210] > > > > > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > > _______________________________________________ > mod-security-users mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-users > Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: > http://www.modsecurity.org/projects/commercial/rules/ > http://www.modsecurity.org/projects/commercial/support/ > -- *Nenhum Sonho é grande demais.* |
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X